Denial of ML Service

Denial of ML Service occurs when users with bad intentions intentionally overload an AI model with excessive or computationally intensive queries, disrupting functionality for actual users. Unlike traditional Denial-of-Service (DDoS) attacks that flood web servers, these attacks target the model’s inference pipeline, often exploiting high-cost operations like large prompts or complex API chains in LLM applications.

Attacks can be:

- Volume-based, involving a high number of low-cost queries.

- Compute-based, involving fewer, resource-heavy queries designed to exhaust memory, CPU, or the GPU.

- OpenAI Rate-Limiting: Developers reported API slowdowns during peak usage windows, sometimes triggered by misuse or high-frequency requests.
- AIID Incident 1001: LLM Scrapers Allegedly Target Multiple Open Source Projects Disrupting the FOSS Ecosystem: In March 2025, KDE’s GitLab infrastructure was disrupted by aggressive AI web scrapers. These bots spoofed browser headers, which overwhelmed the site and caused outages for developers.